Submission Details
Severity: low
Invalid

`UnwrapAndSendETH::unwrapAndSendETH` can fail silently

Summary

As indicated in the Solidity docs: "The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed." Therefore, transfers may fail silently.

Vulnerability Details

In `UnwrapAndSendETH::unwrapAndSendETH`, a call is executed with the following code:

```solidity
function unwrapAndSendETH(address to) external {
    uint256 wethBalance = IWETH(WETH).balanceOf(address(this));
    require(wethBalance > 0, "Insufficient WETH");
    IWETH(WETH).withdraw(wethBalance);
@>  (bool success, ) = to.call{value: address(this).balance}(
        new bytes(0)
    );
@>  require(success, "Eth transfer Failed.");
}
```

Impact

Per the Solidity docs:
"The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed." Therefore, transfers may fail silently.
Please find the documentation here: https://docs.soliditylang.org/en/develop/control-structures.html#error-handling-assert-require-revert-and-exception

Tools Used

Manual review

Recommendations

Check for the account's existence prior to transferring.
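The following is an added example, not part of the submission or of the audited project's code. It shows the behaviour the quoted Solidity documentation describes and what a code-existence check looks like next to a plain value transfer; the contract name `LowLevelCallDemo` and all function and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name in this contract is hypothetical.
contract LowLevelCallDemo {
    error NoCodeAtTarget(address target);

    // Unchecked low-level call. If `target` has no code, the EVM executes
    // nothing and `ok` is still true, whatever `data` encodes.
    function uncheckedCall(address target, bytes calldata data)
        external
        returns (bool ok)
    {
        (ok, ) = target.call(data);
    }

    // Same call with an existence check first. Use this shape when `data`
    // encodes a function that is expected to run on a deployed contract.
    function checkedCall(address target, bytes calldata data)
        external
        returns (bytes memory ret)
    {
        if (target.code.length == 0) revert NoCodeAtTarget(target);
        bool ok;
        (ok, ret) = target.call(data);
        if (!ok) {
            // Bubble up the callee's revert data unchanged.
            assembly {
                revert(add(ret, 32), mload(ret))
            }
        }
    }

    // Plain ETH transfer with empty calldata, the shape used in
    // unwrapAndSendETH. With no code at `to` the call returns true and the
    // value is credited to that address. A code.length check here would
    // reject every externally owned account, so the guard shown is limited
    // to the zero address.
    function sendValue(address to) external payable {
        require(to != address(0), "Zero recipient");
        (bool ok, ) = to.call{value: msg.value}("");
        require(ok, "Eth transfer Failed.");
    }
}
```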

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
Assigned finding tags:

Informational/Invalid
